There are shell scripts for creating X.509 certificates, revoking certificates and signing CRLs and scripts for the creation of Profile certificate files for certain devices such as Linux, Apple OS X, Windows, iOS, etc., these require careful specification of various certificate attributes so that these certificates work on a variety of devices: Android, Windows, iOS/OSX, Linux, etc. The goal of this project is to gather all that knowledge into a simple interface which should support the following:

  • Generating the proper ipsec.conf configuration based on web admin interface including DNS/split-DNS configurations.
  • Allow Administrator to invite new users using email id.
  • A new user after account validation can download the generated certificate/profile (over TLS) for different platforms.
  • The generated certificates/profiles can only be downloaded once, through the portal.
  • Admin can list, revoke/disable (temporary revocation) user certificates/profiles.
  • Generate PKCS#12 certificates for users.
  • Generate iOS/OSX .mobileconfig profiles for automatic installation on iOS/OSX.
  • Ipsilon user authentication to web application.
  • Configure munin-node to work with libreswan plugin.



Rishabh Chaudhary


  • Kim B. Heino
  • Tuomo Soini